Highly scalable and resilient services based in the cloud are winning out over traditional arguments surrounding cloud costs, service maturity, and a general distrust over outsourcing critical infrastructure. Everyone can see it.
Even Microsoft is aligning itself with this shifted tide. Server 2016 is bursting with cloud-centric features. From Azure Active Directory support to the cloud-friendly Nano Server to native hybrid functionality in apps like SQL Server and SharePoint.
Microsoft’s shift to the cloud brings up a tricky question: Do you migrate your email to the cloud?
Exchange is one of Microsoft’s oldest and most well established on-prem business applications, providing email and calendaring for hundreds of thousands of companies. In a natural evolution, Exchange Online is the SaaS version of the ubiquitous email server, and it has gained a substantial adoption from the enterprise all the way down to tiny one-man businesses.
So, do you move your email into the cloud? Seems like an easy answer for any admin. One less server to patch and backup, fewer outages, and no licensing headaches. But it might not be a great fit for every company, let’s explore why.
Government and healthcare pros, beware
Compliance and security laws impact IT in certain industries more than others. For the U.S. federal government, an assessment and authorization process called FedRAMP is the gold standard by which cloud services are evaluated.
FedRAMP allows for a standard of judging a cloud service’s security posture and controls. Any government agency can follow FedRAMP to evaluate any SaaS provider with a consistent and stringent measure, ensuring the security of any data stored or accessed by the service. No FedRAMP authorization? No cloud business with the government. For email, your cloud migration project will be stopped in its tracks without an authorized vendor.
The healthcare industry has its own rules. In the U.S., HIPAA has firm provisions for protecting patient confidentiality. Most are regarding staff training, but IT systems must also comply, including email. HIPAA violations can result in big fines for the healthcare provider, so choose where you run your email carefully.
For security’s sake
Most cloud services use what’s called multi-tenancy. Basically, the servers holding your data also hold other companies’ data. With proper security, this isn’t an issue. User access can be strictly controlled. Communication between virtual servers running on the same host is isolated.
Security isn’t always perfect though. Automation can go south, configurations can be misapplied, or vulnerabilities allowing guest VMs direct access to the host can go public (this just happened last year).
Few dedicated email hosts are not going to be multi-tenancy though, so if you want to avoid it completely, running your own servers is the only reasonable option.
99.999% is not 100%
Pro of SaaS: No servers to fix during an outage.
Con of SaaS: No servers to fix during an outage.
If your on-prem Exchange server goes down, you have full access to your infrastructure, hosts, backups, everything necessary to troubleshoot and resolve the outage. If Exchange Online goes down, you… well… can open a ticket and wait. And don’t managers love hearing “There’s nothing we can do?”
When you’re completely at the mercy of Microsoft support, no amount of quick reaction time from your team matters. Don’t forget, no one cares more about your uptime than you do.
Exchange 2016 offers architecture possibilities with high levels of redundancy. Multiple servers in multiple geographic locations running multiple copies of your database, making an outage a rare event. 99.999% uptime is pretty great and way more than Exchange Online promises.
Just remember that 99.99% still allows almost an hour of downtime per year, and that’s an hour of pain that could be avoided by keeping your email in-house.
Going hybrid is also an option
A hybrid Exchange deployment can be the best of both worlds. A hybrid setup is typically used to stage a migration with the end goal of fully moving into the cloud. But you can stay hybrid perpetually. Your main advantage will be the flexibility of keeping some users on-premise. You might consider this based on how you want to maintain security requirements for sensitive mailboxes.
What if you already have a beautiful data center?
A resilient on-prem infrastructure costs loads of money. Load balancers, storage arrays, redundant virtualization hosts, UPSes, the list goes on. If you’ve already invested in such a glorious data center, why ignore it and pay for a monthly Exchange Online subscription?
The biggest selling points of the cloud are scale and uptime. You can take advantage of a provider’s huge capacity and redundancy to ensure performance and uptime. However, if you’ve done the work already you’re double paying now. All the ROI that the cloud promises just got cut — substantially.
To make the call or not
There are substantial benefits and drawbacks to both cloud and on-prem mail servers. Cloud email hosting via Exchange Online and other services is gaining more traction. But as we’ve seen, there are situations where on-prem still makes sense. It’s worth taking a hard look at your needs and finding the best fit for your own data, your team, and your industry.